CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,414 vulnerabilities with CWE-79
CVE-2024-11971
LOW
Guizhou Xiaoma Technology jpress 5.1.2 - XSS
CVSS 3.5
CVE-2024-53731
MEDIUM
Fintelligence Calculator <1.0.3 - XSS
CVSS 6.5
CVE-2024-53737
MEDIUM
WP Mailster <= 1.8.16.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-53733
HIGH
Fence URL <= 2.0.0 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2024-11402
HIGH
WP-speedup Block Editor Bootstrap Blocks <6.6.1 - XSS
CVSS 7.1
CVE-2024-52283
MEDIUM
SUSE hackweek < 8d2b6bda67bd0f1914cb0851b8ae71b73e26b156 - Stored Cross-Site Scripting
CVSS 5.7
CVE-2024-49503
LOW
SUSE manager <5.0.15-150600.3.10.2 - XSS
CVSS 3.5
CVE-2024-49502
LOW
SUSE Manager Server Module < 4.3.42-150400.3.52.1 - Cross-Site Scripting in Setup Wizard HTTP Proxy Credentials Pane
CVSS 3.5
CVE-2024-11788
MEDIUM
StreamWeasels YouTube Integration <1.3.6 - XSS
CVSS 6.4
CVE-2024-11786
MEDIUM
WordPress Login with Vipps & MobilePay <1.3.3 - XSS
CVSS 6.4
CVE-2024-11761
MEDIUM
LegalWeb Cloud <= 1.1.2 - Authenticated Stored Cross-Site Scripting via legalweb-popup Shortcode
CVSS 6.4
CVE-2024-11685
MEDIUM
Kudos Donations - Easy donations and payments with Mollie <3.2.9 - XSS
CVSS 6.1
CVE-2024-11684
MEDIUM
Kudos Donations < 3.2.9 - Unauthenticated Reflected XSS via 's' Parameter
CVSS 6.1
CVE-2024-11458
MEDIUM
FAQ Builder AYS < 1.7.1 - Unauthenticated Reflected Cross-Site Scripting via ays_faq_tab Parameter
CVSS 6.1
CVE-2024-11431
MEDIUM
Ragic Shortcode <= 1.2 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11366
MEDIUM
SEO Landing Page Generator <1.66.2 - XSS
CVSS 6.1
CVE-2024-11333
MEDIUM
HLS Player <= 1.0.10 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11203
MEDIUM
EmbedPress < 4.1.3 - Authenticated Stored Cross-Site Scripting via Provider Name Parameter
CVSS 6.4
CVE-2024-10510
MEDIUM
adBuddy+ (AdBlocker Detection) < 1.1.3 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 4.8
CVE-2024-10493
MEDIUM
Element Pack Elementor Addons < 5.10.3 - Stored Cross-Site Scripting via Block Options
CVSS 5.4
CVE-2024-10473
MEDIUM
Logo Slider < 4.5.0 - Authenticated Stored Cross-Site Scripting in Logo Settings
CVSS 5.4
CVE-2024-54003
HIGH
Jenkins Simple Queue Plugin <1.4.4 - XSS
CVSS 8.0
CVE-2024-52951
HIGH
Omada Identity - Authenticated Stored Cross-Site Scripting in Access Request History
CVSS 8.0
CVE-2024-46055
MEDIUM
OpenVidReview 1.0 - Stored Cross-Site Scripting in Review Names
CVSS 4.8
CVE-2024-53635
MEDIUM
PHPGurukul COVID 19 Testing Management System 1.0 - Reflected Cross-Site Scripting via searchdata Parameter
CVSS 4.8
Details
Vulnerabilities
45,414
Exploit Likelihood
High